Program: Management Information Systems. David Pfafman 01/11/2006

Effective 04/20/2005

POLICY:

PURPOSE: It is the policy of to provide a plan to ensure the accessibility of protected health information (PHI) in the event of data loss due to an emergency or disaster such as fire, vandalism, terrorism, system failure or natural disaster. HPN is required by law to take reasonable steps to ensure accessibility to PHI and tax-related data even in the event of a catastrophe, or at least to minimize the amount of time that PHI and tax-related data are unavailable. No two disasters are the same, and it is impossible to protect ourselves from every possible type of disaster; as such, the purpose of this policy is to implement the following steps, which must be followed independent of the type and scope of the disaster or catastrophe.

DEFINITIONS:
1. Security Officer (SO) - Responsible for administering the information security policies.
2. Host - A computer system that provides computer service for a number of users.
3. Server - A computer program that provides services to other computer programs in the same or another computer. A computer running a server program is frequently referred to as a server, though it may also be running other client (and server) programs.
4. Firewall - An access control mechanism that acts as a barrier between two or more segments of a computer network or overall client/server architecture, used to protect internal networks or network segments from unauthorized users or processes.

PROCEDURE:

Disaster Recovery Plan
1. Assess damage, notify all appropriate personnel, assemble recovery teams, provide infrastructure (space, power, cooling, network, etc.), secure needed hardware and supplies, retrieve backup tape(s) from the safe or off-site storage, install operating systems on restored servers, restore applications and institutional data, and thoroughly test before going on-line.

Interim Manual Procedures
1. Identify the procedure.
2. Identify those with the knowledge, skill and ability to complete the procedure manually.
3. Determine how long the process can be interrupted before proceeding manually.
4. Develop detailed documentation on how the procedure will be performed.
5. Determine how data is reintegrated once the IT-based system is restored.
6. For the purpose of this policy we will focus on four specific scopes of disaster without specifying the type:
7. Single drive failure or data corruption; malicious software, Denial of Service (DoS) attacks, hacks, viruses or worms. These are typically partial-day outages at most.
8. Loss of a server or multiple servers. For this type of disaster expect 1-7 days, with lingering effects in the case of a complete data center loss.
9. Complete data center loss or catastrophic loss of a site or multiple sites.
10. Loss of utilities and/or telephone. With these different scopes there will be different levels of continuation of business function.
11. In all of these scenarios the data backup is the key to any successful disaster recovery; as such, HPN and all entities are required to adhere to the HPN policy for data backup and retention (policy ). Each site is required to perform nightly backups on a two-week rotation or cycle, keeping month-end tapes stored off-site for 1 year and year-end tapes stored off-site indefinitely. All other tapes should be stored in a fire-proof safe designed to protect media. (A normal fire-proof safe is designed to keep important papers from burning; however, tape media or CD/DVD media will be destroyed at temperatures much lower than the ignition point of paper.)
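As an added illustration of the retention rules in item 11 (example code written for this page, not part of the HPN policy or of Backup Exec), the following Python checks a tape inventory against the two-week nightly rotation, the one-year off-site retention of month-end tapes and the indefinite retention of year-end tapes; the tape labels, dates and audit date are constructed sample values.

```python
"""Check a tape inventory against the policy's retention rules: nightly tapes on a
two-week rotation in the fire-proof safe, month-end tapes off-site for one year,
year-end tapes off-site indefinitely. Added example with constructed sample data."""
from dataclasses import dataclass
from datetime import date, timedelta
import calendar

SAFE, OFFSITE = "fire-proof safe", "off-site"

def is_month_end(d: date) -> bool:
    return d.day == calendar.monthrange(d.year, d.month)[1]

def one_year_after(d: date) -> date:
    try:
        return d.replace(year=d.year + 1)
    except ValueError:  # 29 February: the following year has no such day
        return d.replace(year=d.year + 1, day=28)

def retention_rule(backup_date: date):
    """Return (class, required storage location, date the tape may be recycled);
    the recycle date is None for year-end tapes, which are kept indefinitely."""
    if backup_date.month == 12 and backup_date.day == 31:
        return "year-end", OFFSITE, None
    if is_month_end(backup_date):
        return "month-end", OFFSITE, one_year_after(backup_date)
    return "nightly", SAFE, backup_date + timedelta(days=14)

@dataclass
class Tape:
    label: str
    backup_date: date
    location: str

def audit(tapes, today: date):
    """Return (label, finding) for every tape stored in the wrong place or held
    past its retention period; an empty list means the inventory complies."""
    findings = []
    for t in tapes:
        cls, where, recycle_on = retention_rule(t.backup_date)
        if t.location != where:
            findings.append((t.label, f"{cls} tape belongs in {where}, found in {t.location}"))
        if recycle_on is not None and today >= recycle_on:
            findings.append((t.label, f"{cls} retention ended {recycle_on}; return tape to rotation"))
    return findings

# Constructed inventory snapshot and audit date (not real HPN data)
SAMPLE_TAPES = [
    Tape("N-0401", date(2006, 4, 1), SAFE),       # nightly, still within the two-week cycle
    Tape("N-0310", date(2006, 3, 10), SAFE),      # nightly, older than two weeks
    Tape("M-0331", date(2006, 3, 31), SAFE),      # month-end left on site: wrong location
    Tape("M-0228", date(2005, 2, 28), OFFSITE),   # month-end held past one year
    Tape("Y-2004", date(2004, 12, 31), OFFSITE),  # year-end, kept indefinitely
]
AUDIT_DATE = date(2006, 4, 3)
```

Calling audit(SAMPLE_TAPES, AUDIT_DATE) reports three findings: the stale nightly tape, the month-end tape kept on site and the month-end tape held past a year.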

12. Backups will be restored to a non-production server on a regular basis to verify the integrity of the backups. For consistency from site to site, all locations will use Veritas Backup Exec as their primary backup software.
13. Additionally, all sites will have redundant LTO4 tape drives in place, though other legacy drives can be used in addition to the LTO4 drives.
14. Also relevant to all of these scenarios is the emergency notification list with their responsibilities. The emergency notification list is policy . In the event of a disaster, local groups are required to notify at least one of the following: for data and operations disasters, the HPN VP of MIS; for hardware or technical issues, the HPN Director of IT; for data security issues, the HPN Information Security Officer (ISO).
15. The procedures for restoring PHI vary according to the scope of the disaster.
16. For a single drive failure, replacement of the defective drive is all that needs to be done, because all mission-critical servers are configured using hardware RAID 5/10. For data corruption and malicious software, start by trying to identify the scope of the corruption and/or isolate the compromised machine, then contact the HPN ISO. The worst-case scenario is that the data will have to be restored from the previous night's backup.
17. For a single server failure, we will need to determine if the system is still under warranty. If so, get it fixed under warranty and restore any lost data from tape. If it is not under warranty or there is going to be a delay in repair, the HPN Director of IT may know of other assets that can be reallocated on a temporary basis until the server can be repaired or replaced. For the loss of multiple servers we may need to move some or all of the data center functions to one of the other southern California data centers. In the case of a single or multiple server failure, communication between the groups is critical, as we can share assets between the groups in order to minimize downtime and loss to the company.
18. For complete data center loss or catastrophic site loss we still need to get mission-critical systems up and functional as soon as possible. All of the southern California sites have remote sites that depend on the data at the primary site, so even though the site is down there are still people who need access to that data.
19. Additionally, as previously stated, we are legally required to maintain the accessibility of PHI as well as tax information. Since it is doubtful that any one data center will have the resources to duplicate all of the functions of a remote data center, it will be necessary to share the burden of the data center that is down across the remaining data centers. As an example, if HPN Northridge is destroyed by an earthquake, RMG and HPN finance would both be down. RMG EZ-CAP and other critical systems could be restored at DMG; HPN's data warehouse could be moved to BFMC, with the and MAS-90 functions being covered by the Lancaster facility. Then we create a couple of VPNs and re-configure a few routers and workstations, and at least the data is accessible again. Additionally, key personnel could be re-deployed to training rooms and conference rooms at the other facilities. Depending on the size of the disaster, one could expect to have very limited functionality in 2-3 days and be semi-functional within a week. Provisions will have to be made for critical phone numbers to be forwarded to functional phones. In the case of a regional disaster we need to be prepared to forward phones to a site out of the affected area. Sites also need to be prepared for the possibility of cell phone service being out as well. After major catastrophes such as 9-11, Katrina and the Northridge earthquake, cell phone service was disrupted. Even in the best case the cell phone circuits would be overloaded, and in the worst case they could be down for weeks.
20. Even though loss of electricity and/or phones is normally a short-term occurrence, it is potentially as damaging as an actual disaster. Our customers and patients may not be experiencing the same outages that we are and may lose faith in our ability to provide high-quality service to them. Unfortunately, there is little that can be done to fix the electricity or phones when they go out; therefore HPN should plan ahead for outages of both. As such, all mission-critical servers, communications equipment, phone/PBX systems and workstations should have uninterruptible power supplies that will provide service for a minimum of 1 hour. Diesel generators should be installed at clinics if feasible. There will also be as much redundancy built into our phones as possible. This can be done by using multiple carriers, having cell phones and single-line phones to be used as backups, or setting up VoIP or a PRI as a backup phone circuit. If one goes down, switch to the other.
21. Mission-critical functions are those that are restored first in the event of a disaster. These applications are currently determined to be applications that contain critical data for continuity of business for UM, QI, clinical services, finance and the business office. These critical systems may change periodically as the organization's needs change and will be reviewed.
22. Currently there are seven systems that are mission-critical and have to be functional for us to provide service to patients:
a. Phones
b. EZ-CAP, including authorization and claims
c. HDS applications
d. NextGen
e. Exchange
f. Internet connectivity
g. MAS
There are a lot of other ancillary programs that help us do a better job, but we could still function without them, just not as well. As we add new systems and functionality, it should be determined whether that application is mission-critical or ancillary in nature. A few examples of ancillary or non-mission-critical systems are listed below:
a. Fax servers
b. Claims Imaging
c. EZ-Net
d. EZ-EDI server
e. Intranet
23. A log book should be kept in the safe and used to log all system outages (planned and unplanned), hardware failures, tape backup failures, data corruption and data loss to critical systems. A copy of this log should also be kept electronically.
24. Everyone on the emergency notification list and all MIS and IT staff should be trained as to where the disaster recovery plan is located and whom to notify in case of a disaster. MIS and IT staff should know which non-mission-critical systems and hardware need to be shut down to preserve battery life on the UPSs. All pertinent MIS and IT staff should know how to restore critical systems from tape using Backup Exec. That way they are not putting a production system at risk while they are learning how to perform system restorations.
25. The disaster recovery plan should be distributed to everyone on the emergency notification list. A copy of the plan should be kept in plain sight in the server room, and a copy should be kept in the safe just in case all of the other copies get destroyed.
26. Communications related to system availability will be provided through all methods available at the time. This communication will be made both to internal staff and to external providers, members and the public through the following channels: company website, provider portals, fax notifications and/or telephone communications.
27. The disaster recovery process will be tested periodically, at a minimum annually, to determine that the procedures ensure proper continuity of the critical systems. Some of the
28. The disaster recovery (contingency) plan will be revised when new critical systems are implemented, as well as periodically, to ensure that it is comprehensive for business continuity.
